It is safe to say that most people from eleven to eighty have a smartphone. However, most of these users are unaware of a simple fact: smartphones are far more vulnerable than most of us think. The reasons are many; this blog will focus on a few of them.
Personal Identification Numbers
A very basic point that is often overlooked is that most people choose common Personal Identification Numbers (PINs) for their phones because they are simple and easy to remember. Dave Johnson has written an article here focusing on PINs. In descending order of popularity, here are the top 5 most used PINs.
- 1234 is by far the most commonly used PIN, for obvious reasons.
- 0000 is the next most popular, at about 50% of the frequency of the #1 PIN.
- 2580 (the numbers running straight down the middle of the keypad) is a close third.
- 1111 is, like #2, a single repeated digit.
- 5555 is again a single repeated digit.
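A check for the three patterns in the list above (counting runs, repeated digits, straight keypad lines), written as an added example that is not from the original article. The function names and reason labels are assumptions, and the grid is the standard phone keypad layout.

```python
# Added example: flag PINs that follow the patterns behind the article's top 5.
# Names and reason labels are hypothetical; the grid is the standard phone keypad.
KEYPAD = ["123", "456", "789", " 0 "]
POS = {d: (r, c) for r, row in enumerate(KEYPAD)
       for c, d in enumerate(row) if d != " "}

# The five PINs the article names.
ARTICLE_TOP5 = {"1234", "0000", "2580", "1111", "5555"}


def is_repeated(pin):
    """One digit repeated, e.g. 0000 or 5555."""
    return len(set(pin)) == 1


def is_sequential(pin):
    """Digits counting up or down by one, e.g. 1234 or 4321."""
    steps = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
    return steps in ({1}, {-1})


def is_keypad_line(pin):
    """Each move is the same one-key step on the keypad grid, e.g. 2580."""
    moves = {(POS[b][0] - POS[a][0], POS[b][1] - POS[a][1])
             for a, b in zip(pin, pin[1:])}
    if len(moves) != 1:
        return False
    dr, dc = next(iter(moves))
    return (dr, dc) != (0, 0) and abs(dr) <= 1 and abs(dc) <= 1


def weak_pin_reasons(pin):
    """Return the reasons a PIN should be rejected; an empty list means none matched."""
    if not (pin.isascii() and pin.isdigit() and len(pin) >= 4):
        raise ValueError("expected a PIN of at least 4 ASCII digits")
    checks = [("article-top-5", pin in ARTICLE_TOP5),
              ("repeated-digit", is_repeated(pin)),
              ("sequential", is_sequential(pin)),
              ("keypad-line", is_keypad_line(pin))]
    return [name for name, hit in checks if hit]


if __name__ == "__main__":
    # Constructed sample input: the article's five PINs plus three others.
    for candidate in ["1234", "0000", "2580", "1111", "5555", "0852", "4321", "8142"]:
        print(candidate, weak_pin_reasons(candidate) or "no pattern matched")
```

An empty result only means none of these patterns matched; it does not mean the PIN is strong.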
Phone Quality
Improve the security on your smartphone by purchasing a high-end phone. 88% of all phones worldwide are Android devices. The remaining 12% are Apple’s iPhone. The iPhone probably has the best native security. Android phones made by Google, like the Nexus and the Pixel, have security on par with Apple’s iPhone. Avoid generic phones such as Huawei, Sony, and Xiaomi. If you cannot afford the more expensive phones then please, at least, lock everything down, as per this blog.
GPS Exposure
GPS exposes vulnerabilities in several different ways. Let us look at just one. Most of our kids had at least a brief obsession with Pokémon Go. As you can imagine, to a nasty character kids are an easy target. Mr. Nasty plays Pokémon Go and finds a Pokémon Gym or site with a single user. Mr. Nasty shows up and grabs the phone from the unsuspecting child. Additionally, many, if not most, applications tie into GPS, which gives someone visibility into where you are and what you are doing. This is not only a vulnerability in your phone and its security; it also presents a risk directly to you, the user.
User Education
Uneducated users introduce vulnerabilities into their smartphones voluntarily, although unwittingly. As of 2016, more than half of all smartphone users had downloaded unsafe files or content to their mobile device. The paths these users follow before accepting the malicious content are many. One of the most common is a Drive-by Download, which could be stumbled upon or guided via social media links. Clickjacking is similar to Drive-by, but the user does not even know they are clicking something, as it may be invisible to the user. Some of the other flavors of exploits that users invite are P2P exploits, malvertising, and phishing. Proper education of users will mitigate these risks.
Author Bio: John Busso is a Senior Network Engineer/Mobility Specialist at CCSI. He has almost 20 years of experience providing secure voice and data solutions. John has been a Subject Matter Expert for Enterprise Mobile Solutions such as Guest WiFi and BYOD, providing vision for diverse clients.
John has been an Adjunct Professor and trainer. He holds numerous industry certifications, including CISSP, CWNP, CCNP, ACMP and ITIL. His experience includes working with retail, TNL-Couriers, DC’s and Airports, Healthcare, Education, DOD, Local Government, Financial, Non-Profit-Public WiFi, Entertainment and Hospitality industries. His expertise is in mobility, security, WLAN, WAN, LAN, VoWiFi, RFID, RTLS, WIPS, WIDS, DAS, licensed/unlicensed PTP and PTMP networks. Connect with John on Twitter via @JohnBusso.